From 8e18546b449387a77772bcb4a2f4b0200219c844 Mon Sep 17 00:00:00 2001
From: Methapon2001 <61303214+Methapon2001@users.noreply.github.com>
Date: Wed, 3 Jul 2024 09:51:19 +0700
Subject: [PATCH] feat: add more role to each endpoint

---
 src/controllers/product/group-controller.ts   | 6 +++---
 src/controllers/product/product-controller.ts | 6 +++---
 src/controllers/product/type-controller.ts    | 8 ++++----
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/controllers/product/group-controller.ts b/src/controllers/product/group-controller.ts
index d3dff29..bc135fb 100644
--- a/src/controllers/product/group-controller.ts
+++ b/src/controllers/product/group-controller.ts
@@ -128,7 +128,7 @@ export class ProductGroup extends Controller {
   }
 
   @Post()
-  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
+  @Security("keycloak", ["system", "head_of_admin", "admin", "branch_accountant", "accountant"])
   async createProductGroup(@Request() req: RequestWithUser, @Body() body: ProductGroupCreate) {
     const record = await prisma.$transaction(
       async (tx) => {
@@ -166,7 +166,7 @@ export class ProductGroup extends Controller {
   }
 
   @Put("{groupId}")
-  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
+  @Security("keycloak", ["system", "head_of_admin", "admin", "branch_accountant", "accountant"])
   async editProductGroup(
     @Request() req: RequestWithUser,
     @Body() body: ProductGroupUpdate,
@@ -193,7 +193,7 @@ export class ProductGroup extends Controller {
   }
 
   @Delete("{groupId}")
-  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
+  @Security("keycloak", ["system", "head_of_admin", "admin", "branch_accountant", "accountant"])
   async deleteProductGroup(@Path() groupId: string) {
     const record = await prisma.productGroup.findFirst({ where: { id: groupId } });
 
diff --git a/src/controllers/product/product-controller.ts b/src/controllers/product/product-controller.ts
index 7e3d2f4..7fb7cd1 100644
--- a/src/controllers/product/product-controller.ts
+++ b/src/controllers/product/product-controller.ts
@@ -164,7 +164,7 @@ export class ProductController extends Controller {
   }
 
   @Post()
-  @Security("keycloak")
+  @Security("keycloak", ["system", "head_of_admin", "admin", "branch_accountant", "accountant"])
   async createProduct(@Request() req: RequestWithUser, @Body() body: ProductCreate) {
     const productType = await prisma.productType.findFirst({
       include: {
@@ -241,7 +241,7 @@ export class ProductController extends Controller {
   }
 
   @Put("{productId}")
-  @Security("keycloak")
+  @Security("keycloak", ["system", "head_of_admin", "admin", "branch_accountant", "accountant"])
   async editProduct(
     @Request() req: RequestWithUser,
     @Body() body: ProductUpdate,
@@ -294,7 +294,7 @@ export class ProductController extends Controller {
   }
 
   @Delete("{productId}")
-  @Security("keycloak")
+  @Security("keycloak", ["system", "head_of_admin", "admin", "branch_accountant", "accountant"])
   async deleteProduct(@Path() productId: string) {
     const record = await prisma.product.findFirst({ where: { id: productId } });
 
diff --git a/src/controllers/product/type-controller.ts b/src/controllers/product/type-controller.ts
index 8f6e2b6..886eb5c 100644
--- a/src/controllers/product/type-controller.ts
+++ b/src/controllers/product/type-controller.ts
@@ -87,7 +87,7 @@ export class ProductType extends Controller {
   }
 
   @Get("{typeId}")
-  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
+  @Security("keycloak", ["system", "head_of_admin", "admin", "branch_accountant", "accountant"])
   async getProductTypeById(@Path() typeId: string) {
     const record = await prisma.productType.findFirst({
       where: { id: typeId },
@@ -104,7 +104,7 @@ export class ProductType extends Controller {
   }
 
   @Post()
-  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
+  @Security("keycloak", ["system", "head_of_admin", "admin", "branch_accountant", "accountant"])
   async createProductType(@Request() req: RequestWithUser, @Body() body: ProductTypeCreate) {
     const productGroup = await prisma.productGroup.findFirst({
       where: { id: body.productGroupId },
@@ -161,7 +161,7 @@ export class ProductType extends Controller {
   }
 
   @Put("{typeId}")
-  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
+  @Security("keycloak", ["system", "head_of_admin", "admin", "branch_accountant", "accountant"])
   async editProductType(
     @Request() req: RequestWithUser,
     @Body() body: ProductTypeUpdate,
@@ -210,7 +210,7 @@ export class ProductType extends Controller {
   }
 
   @Delete("{typeId}")
-  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
+  @Security("keycloak", ["system", "head_of_admin", "admin", "branch_accountant", "accountant"])
   async deleteProductType(@Path() typeId: string) {
     const record = await prisma.productType.findFirst({ where: { id: typeId } });